Access Web tier logic in my Interceptor

[asv]

I have a portal application. User are registering via Portal.

In my SecurityInterceptor I need access user profile. I need to check username and role and perform simple logic.

The question is What is the best design for these requirements? (Maybe I will have another application server and perform business logic inside EJB container)

To create SecurityAdapter and pass it to Interceptor? SecurityAdapter cold be different for web and ejb container...

Is there better design?

[Alef Arendsen]

Well, the fact that the security adapter could be different for EJB-based business logic is solved by an interface, isn't it. You can simply pass the a different implementation to the interceptor, couldn't you?

rgds,
Alef

[asv]

Thanks. Of course I can do that. And It is the only one way that I have found. This task confused me. I dont know which way is the best for J2EE application. I think this task isn't unusual.

Today I'm using only Web container and Spring Service abstraction as business tier. There is no problem to access user profile. But I think the best design for J2EE app is to consider Web logic and busineess on different app servers.

I dont know will it work if I decided to move business logic to another app server(In theory). I don't know would be posible to get user name ( user name in portal) inside EJB container. (I think bu user name I will have to access LDAP) therefore I don't know Is it a correct design or not.

Did you solve the same problem?

[Alef Arendsen]

The discussion on whether or not to position business logic in a different VM (app.server) than the web logic is one that is dates back a long time already. I personally (as do lots of the guys from the Spring tier) consider moving business logic to a different application server (in other words remoting your business logic) a bit useless. The remoting gives you a lot of overhead and while in theory it sounds kind of nice, it gives a whole lot of problems in practice (like the one you're having).

About your specific problem: there are a couple of different things you have to separate here:

1. The requirements of getting the username in the web tier. This isn't an unusual requirement and you can express it using an interface (String getUsername() for example).
2. The way you're actually getting the username. This is code you have to implement yourself, either in a Data acccess object that accesses a database or in some other object that accesses an LDAP server
3. The way you're getting at the code that offers you the possibility to retrieve a username (in other words, obtaining an implementation of the interface specified in 1). This is what Dependency Injection is for and in combination with Spring's features for for example accessing EJBs you shouldn't have to worry about this too much. As long as the Interceptor expresses a dependency on the interface specified in 1, you can pass an implementation of the interface (whether it be an EJB or a local object) using DI.

rgds,
alef